File _patchinfo of Package patchinfo.13660

<patchinfo incident="13660">
  <issue tracker="cve" id="2019-11045"/>
  <issue tracker="cve" id="2019-11047"/>
  <issue tracker="cve" id="2019-11050"/>
  <issue tracker="cve" id="2019-11046"/>
  <issue tracker="bnc" id="1159924">VUL-0: CVE-2019-11046: php5,php72,php7,php53: OOB read  in bc_shift_addsub</issue>
  <issue tracker="bnc" id="1159923">VUL-0: CVE-2019-11045: php5,php72,php7,php53: PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte</issue>
  <issue tracker="bnc" id="1159922">VUL-0: CVE-2019-11047: php5,php72,php7,php53: information disclosure in exif_read_data()</issue>
  <issue tracker="bnc" id="1159927">VUL-0: CVE-2019-11050: php5,php72,php7,php53: PHP EXIF extension is parsing EXIF information from an image that can cause it to read past the allocated buffer</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for php72</summary>
  <description>This update for php72 fixes the following issues:

- CVE-2019-11045: Fixed an issue with improper input validation in the filename handling of the DirectoryIterator class (bsc#1159923).
- CVE-2019-11046: Fixed an information leak in bc_shift_addsub() (bsc#1159924).
- CVE-2019-11047, CVE-2019-11050: Fixed multiple information leaks in exif_read_data() (bsc#1159922, bsc#1159927).
</description>
</patchinfo>
openSUSE Build Service is sponsored by